Social Media Not Always Secure

It's easy to conclude that emerging social media tools such as Twitter and Facebook make it easier for companies to connect more closely with stakeholders. These fast-evolving tools both accelerate and enrich the communication process, which on the surface seems to be an absolute slam dunk for most businesses.

But just because you can go fast doesn't mean you should. All that social media goodness comes with a cost, one that can quickly and permanently threaten the security of your brand.

Largely thanks to the ubiquitous penetration of the commercial Internet, we've experienced nothing short of a revolution during the past 15 years or so in how we communicate with large audiences. Once upon a not-so-long-ago time, if you wanted everyone to get the message, you either bought advertising in a newspaper or sent out a press release and waited for reporters to call. You also could send out fliers, do a mailing or even put up a billboard. The process was complex, time-consuming and expensive.

Today, one message on Twitter can be sent to hundreds, thousands or more recipients in less time than it takes to read this sentence. Facebook fan pages attract massive audiences, and RSS feeds pump out updated content to engaged followers wherever they may be. Forget press releases and conventional advertising: Today's tools of mass communication are inexpensive, fast and available to everyone.

That's the problem.

The appeal of social media tools – they're largely free and frighteningly easy to use – makes them potentially risky, too. If some ticked-off former employee starts a Facebook account in your company's name and then uses it to spread falsehoods about the firm, you might not even know you've got a problem until long after the damage has been done.

And it's already happening. Twitter, the current belle of the social media ball, is rife with fake accounts of people who claim to be Steve Jobs, Steve Ballmer and a range of other notable folks from the world of tech and business. In some cases, they fess up and call themselves fake. Like a good "Saturday Night Live" sketch, it's parody, and everyone's in on the joke.

It's when the fakes aren't joking that things get ugly. Often pretending to be official representatives of the company, they lure customers, suppliers and other stakeholders into believing they're the real deal. In many cases, it could be a front for identity theft. In others, their goal is to ruin the victimized company's good name.

Even if all they're doing is having a good time at a legitimate company's expense, the risk is significant, as firms that fail to clamp down on social-media-based misuse of their brands risk suffering long-term and often irreversible damage. A customer who's been ripped off or given the runaround by a revenge-seeking misfit will likely never return to the fold. Said customer likely doesn't care whether or not the source was legitimate. Any company that allows shenanigans like this to take place will pay dearly for their failure to stay ahead of the social media curve.

All this comes about as companies grapple with the larger issue of leveraging social media for business benefit. As we've seen with each new wave of communication technology – from e-mail to instant messaging, PDAs to smart phones, Ethernet to wireless – organizations often take a decidedly conservative approach when a new, untested solution hits the market. In the case of IM, for example, many companies banned it outright and kept their heads in the sand for the first couple of years.

While no-go and go-slow strategies can give companies a bit of breathing space while they (hopefully) build a plan and pull together the requisite resources, the very nature of social media gives leaders a small window to get things moving. Playing ostrich is no longer a viable strategy because employees – or ex-employees or even strangers – will use these tools regardless. IT departments across all sectors need to develop social-media-aware policies that recognize and document the advantages and risks of using these tools in a business context.

They also need to do a better job keeping track of who's saying what about the company on freely available social media services. Even if they have no plans to establish an official presence in these new high grounds of online life, they should still register accounts using the most popular and likely brandings to ensure no one else snaps them up and misuses them.

Whether CIOs and CSOs like it or not, social media is here to stay, and it's adding a new wrinkle to business efforts to secure their own brands. Ignoring the risk doesn't make it any less dangerous.

Carmi Levy is a technology journalist and analyst with experience launching help desks and managing projects for major financial services institutions. He offers consulting advice on enterprise infrastructure, mobility and emerging social media. He can be reached at editor (at) certmag (dot) com.